The European Union is working on a legislation that will force tech companies to turn over customer data even if it is stored on servers outside of its borders. The legislation appears to be an exception to the usually pro-user policies of the union. Reuters reports that while this borderless access to data was initially restricted to data stored within the 28-nation bloc, the EU authorities are now considering to extend this scope.
The EU executive has previously indicated it wanted law enforcement authorities to be able to access electronic evidence stored within the 28-nation bloc. But the scope of the planned legislation will extend to data held elsewhere, according to two sources with direct knowledge of the matter.
United States has also been seeking to work on a legislation - currently known as the Cloud Act - that will make it easier for the country to access customer data stored outside of the US. While Microsoft and other tech companies are supporting the work on the Cloud Act, the country is battling against Microsoft in a landmark case where the company is being forced by the authorities to hand over customer data stored in Ireland.
Microsoft and other tech giants argue that giving up data stored elsewhere is an attack on that country's sovereignty and, more importantly, that users would no longer trust cloud services. While the US is pushing for laws that will enable it to have special agreements with its allies to offer easier access to data, these companies have a userbase that goes beyond just a few countries.
In a similar move, China has recently pushed Apple - previously considered the most stubborn tech company when it comes to user privacy - to store data of Chinese residents on local servers to ensure the authorities don't have to deal with US or any other country's legal system to get data access. However, that move attracted concerns from not only privacy advocates but human rights groups as well who believe that the company is just enabling the state to make arrests of the dissidents who opt for foreign products and technologies to freely communicate with each other.
EU: MLATs are slow and inefficient
Currently, the law enforcement agencies have to go through mutual legal assistance treaties (MLAT) to get access to data. However, governments argue that this process is slow and inefficient when trying to catch criminals.
While tech companies are pushing for laws that could make it easier for them to deliver data without getting the heat from their users, advocates also warn that any such local legislations are in conflict with existing laws. US and EU strongly prohibit information disclosure to foreign governments. It will be interesting to see how EU will push the tech companies to hand over data on consumers stored overseas while also trying to protect data that is stored locally from foreign disclosure.
It also appears that EU may have no real intent of passing such a law and is actually using this to strengthen its negotiating position with the United States. "Of course when we look at the transatlantic regime there we have to agree on the reciprocity with the American authorities,” European Justice Commissioner Vera Jourova said. "This issue of reciprocity in the law enforcement area is highly necessary to discuss in order to avoid the problem of conflict of laws."
